Virus in system32 + other

Resolved/Closed
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last activity 21 August 2009 - 17 August 2009 at 16:18
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 - 21 August 2009 at 15:44
Hello,

For a few days now the antivirus has been detecting infected files. Here is what Spyware Terminator shows:

- Hoax.Renos.bcz.2: in WINDOWS\system32\wisdstr.exe
WINDOWS\system32\braviax.exe
- Blacklist: Local Settings\Temp\BNE8.tmp

In addition, down in the notification area, an icon showing a white cross in a red circle displays the message "Your computer is infected!"

I downloaded HijackThis, but I cannot open the program.

What should I do to get my PC back virus-free?

THANKS in advance for the help

128 replies

feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last activity 21 August 2009
19 August 2009 at 23:06
COMBOFIX LOG RESULT


ComboFix 09-08-18.04 - Nuno 19/08/2009 22:48.3.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.758.401 [GMT 2:00]
Running from: c:\documents and settings\Nuno\Bureau\Fish.exe
Command switches used :: c:\documents and settings\Nuno\Bureau\CFScript.txt
* Created a new restore point

FILE ::
"c:\windows\braviax.exe"
"c:\windows\cru629.dat"
"c:\windows\orun32.ini"
"c:\windows\system32\braviax.exe"
"c:\windows\system32\cru629.dat"
"c:\windows\system32\drivers\sp_rsdrv2.sys"
"c:\windows\system32\drivers\tmcomm.sys"
"c:\windows\system32\MtxParhBFXPreview.dll"
"c:\windows\system32\MtxPreview.dll"
"c:\windows\system32\wisdstr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\tmp
c:\tmp\0001.jpg
c:\tmp\0001_0250.wav
c:\tmp\0002.jpg
c:\tmp\0003.jpg
c:\tmp\0004.jpg
c:\tmp\0005.jpg
c:\tmp\0006.jpg
c:\tmp\0007.jpg
c:\tmp\0008.jpg
c:\tmp\0009.jpg
c:\tmp\0010.jpg
c:\tmp\0011.jpg
c:\tmp\0012.jpg
c:\tmp\0013.jpg
c:\tmp\0014.jpg
c:\tmp\0015.jpg
c:\tmp\0016.jpg
c:\tmp\0017.jpg
c:\tmp\0018.jpg
c:\tmp\0019.jpg
c:\tmp\0020.jpg
c:\tmp\0021.jpg
c:\tmp\0022.jpg
c:\tmp\0023.jpg
c:\tmp\0024.jpg
c:\tmp\0025.jpg
c:\tmp\0026.jpg
c:\tmp\0027.jpg
c:\tmp\0028.jpg
c:\tmp\0029.jpg
c:\tmp\0030.jpg
c:\tmp\0031.jpg
c:\tmp\0032.jpg
c:\tmp\0033.jpg
c:\tmp\0034.jpg
c:\tmp\0035.jpg
c:\tmp\0036.jpg
c:\tmp\0037.jpg
c:\tmp\0038.jpg
c:\tmp\0039.jpg
c:\tmp\0040.jpg
c:\tmp\0041.jpg
c:\tmp\0042.jpg
c:\tmp\0043.jpg
c:\tmp\0044.jpg
c:\tmp\0045.jpg
c:\tmp\0046.jpg
c:\tmp\0047.jpg
c:\tmp\0048.jpg
c:\tmp\0049.jpg
c:\tmp\0050.jpg
c:\tmp\0051.jpg
c:\tmp\0052.jpg
c:\tmp\0053.jpg
c:\tmp\0054.jpg
c:\tmp\0055.jpg
c:\tmp\0056.jpg
c:\tmp\0057.jpg
c:\tmp\0058.jpg
c:\tmp\0059.jpg
c:\tmp\0060.jpg
c:\tmp\0061.jpg
c:\tmp\0062.jpg
c:\tmp\0063.jpg
c:\tmp\0064.jpg
c:\tmp\0065.jpg
c:\tmp\0066.jpg
c:\tmp\0067.jpg
c:\tmp\0068.jpg
c:\tmp\0069.jpg
c:\tmp\0070.jpg
c:\tmp\0071.jpg
c:\tmp\0072.jpg
c:\tmp\0073.jpg
c:\tmp\0074.jpg
c:\tmp\0075.jpg
c:\tmp\0076.jpg
c:\tmp\3476.blend
c:\tmp\3736.blend
c:\tmp\3968.blend
c:\tmp\7760.blend
c:\tmp\quit.blend
c:\windows\Fonts\img hearts.ttf
c:\windows\Fonts\img travel.ttf
c:\windows\orun32.ini
c:\windows\system32\drivers\tmcomm.sys
c:\windows\system32\MtxParhBFXPreview.dll
c:\windows\system32\MtxPreview.dll

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-19 15:45 . 2009-08-19 15:57 -------- d-----w- C:\FR-files
2009-08-19 15:34 . 2009-08-19 15:55 -------- d-----w- C:\WinFileReplace
2009-08-18 19:44 . 2004-08-05 13:00 1548288 ----a-w- c:\windows\system32\sfcfiles.dll
2009-08-18 19:44 . 2004-08-05 13:00 1548288 ----a-w- c:\windows\system32\dllcache\sfcfiles.dll
2009-08-18 14:53 . 2009-08-18 14:53 152576 ----a-w- c:\documents and settings\Nuno\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-18 11:51 . 2009-08-18 14:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-18 10:49 . 2009-08-18 10:49 -------- d-----w- c:\documents and settings\Nuno\Application Data\Malwarebytes
2009-08-18 10:48 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 10:48 . 2009-08-18 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-18 10:48 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 10:48 . 2009-08-18 10:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 06:06 . 2009-08-18 08:27 -------- d-----w- C:\UsbFix
2009-08-17 19:19 . 2009-08-17 19:20 -------- d-----w- C:\rsit
2009-08-17 13:29 . 2009-08-18 11:02 -------- d-----w- c:\program files\Trend Micro
2009-08-17 11:24 . 2009-08-17 11:36 -------- d-----w- c:\program files\a-squared Free
2009-08-15 16:22 . 2009-08-15 16:22 -------- d-----w- c:\program files\The Learning Company
2009-08-15 14:35 . 2009-08-15 14:35 -------- d-----w- c:\program files\Blender Foundation
2009-08-14 16:34 . 2009-08-14 16:34 -------- d-----w- C:\Python25
2009-08-13 05:06 . 2009-08-19 09:40 -------- d-----w- c:\program files\WinClamAVShield
2009-08-13 05:03 . 2009-08-13 05:03 -------- d-----w- c:\program files\Crawler
2009-08-13 05:03 . 2009-08-13 05:03 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-08-13 05:03 . 2009-08-13 05:03 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-08-13 05:03 . 2009-08-13 05:03 142592 ------w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-13 05:03 . 2009-08-19 20:46 -------- d-----w- c:\documents and settings\Nuno\Application Data\Spyware Terminator
2009-08-13 05:03 . 2009-08-19 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-08-13 05:03 . 2009-08-17 12:46 -------- d-----w- c:\program files\Spyware Terminator
2009-08-12 20:18 . 2009-08-13 04:52 -------- d-----w- c:\windows\BDOSCAN8
2009-08-12 18:33 . 2003-06-26 08:04 237568 ------w- c:\windows\system32\qtmlClient.dll
2009-08-12 18:33 . 2003-01-20 07:08 49152 ------w- c:\windows\system32\CvoAPI.dll
2009-08-12 18:32 . 2009-08-15 14:34 -------- d-----w- c:\program files\Boris FX, Inc
2009-08-12 04:56 . 2009-08-15 12:37 -------- d-----w- c:\program files\Fichiers communs\Reallusion
2009-08-11 18:58 . 2009-08-11 19:11 -------- d-----w- C:\3dsmax9Trial
2009-08-11 14:31 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\vsapi32.dll
2009-08-11 14:31 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\BPMNT.dll
2009-08-11 14:31 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\tmcomm.sys
2009-08-11 14:31 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\ssapi32.dll
2009-08-11 14:31 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\tsc.exe
2009-08-11 14:30 . 2009-08-11 14:34 -------- d-----w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6
2009-08-11 14:30 . 2009-08-11 14:30 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-09 09:35 . 2009-08-09 09:35 -------- d-----w- c:\program files\PopCap Games
2009-08-09 09:35 . 2009-08-09 09:36 -------- d-----w- c:\program files\Zuma Deluxe
2009-08-08 18:42 . 2009-08-18 13:51 10 ----a-w- c:\windows\popcinfo.dat
2009-08-08 17:40 . 2009-08-08 17:40 -------- d-----w- c:\program files\GameHouse
2009-08-08 17:16 . 2009-08-08 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-08-08 09:58 . 2009-08-08 09:58 -------- d-----w- c:\program files\Microsoft Works
2009-08-08 09:58 . 2009-08-08 09:58 -------- d-----w- c:\program files\MSBuild
2009-08-08 09:55 . 2009-08-08 09:55 -------- d-----w- c:\program files\Microsoft.NET
2009-08-08 09:48 . 2009-08-08 09:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-08 09:47 . 2009-08-08 09:47 -------- d-----w- c:\documents and settings\Nuno\Local Settings\Application Data\Microsoft Help
2009-08-08 09:46 . 2009-08-08 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-08 08:35 . 2009-08-08 08:35 -------- d-----w- c:\program files\VirtualDJ
2009-08-07 22:47 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\Nuno\Application Data\DivX
2009-08-07 22:44 . 2009-08-07 22:44 -------- d-----w- c:\documents and settings\Nuno\Local Settings\Application Data\Downloaded Installations
2009-08-07 22:44 . 2009-08-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2009-08-07 18:10 . 2009-08-07 18:10 -------- d-----w- c:\program files\Smart Projects
2009-08-07 11:16 . 2009-08-07 11:16 -------- d-----w- c:\program files\SFR
2009-08-05 20:50 . 2009-08-05 20:50 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 20:54 . 2008-09-14 12:32 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-18 14:54 . 2005-01-26 21:07 -------- d-----w- c:\program files\Java
2009-08-17 08:14 . 2005-01-26 21:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 16:55 . 2008-10-20 20:34 -------- d-----w- c:\documents and settings\Nuno\Application Data\BitTorrent
2009-08-15 14:33 . 2008-01-06 21:57 -------- d-----w- c:\program files\Pinnacle
2009-08-15 11:42 . 2004-08-17 09:31 76582 ------w- c:\windows\system32\perfc00C.dat
2009-08-15 11:42 . 2004-08-17 09:31 471484 ------w- c:\windows\system32\perfh00C.dat
2009-08-15 09:41 . 2008-05-19 10:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 18:11 . 2008-05-01 14:17 131744 ----a-w- c:\documents and settings\Nuno\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 11:17 . 2008-05-17 10:36 -------- d-----w- c:\documents and settings\Nuno\Application Data\proDAD
2009-08-08 11:12 . 2008-08-31 18:23 -------- d-----w- c:\program files\palmOne
2009-08-08 11:10 . 2005-07-24 01:07 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-05 20:39 . 2008-05-01 17:12 -------- d-----w- c:\documents and settings\Nuno\Application Data\LimeWire
2009-06-01 08:27 . 2009-06-01 08:27 603904 ------w- c:\windows\system32\TUProgSt.exe
2009-06-01 08:27 . 2009-06-01 08:27 362240 ------w- c:\windows\system32\TuneUpDefragService.exe
.

------- Sigcheck -------

[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ntfs.sys
[7] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\SoftwareDistribution\Download\e3bd9b90b867ba67afdd4c29dc49177c\sp2gdr\ntfs.sys
[7] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\SoftwareDistribution\Download\e3bd9b90b867ba67afdd4c29dc49177c\sp2qfe\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-02-12 253000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"SpywareTerminatorUpdate"="c:\progra~1\SPYWAR~2\SpywareTerminatorUpdate.exe" [2009-08-13 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-11-23 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-26 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2007-06-08 51280]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2007-07-02 149328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SpywareTerminator"="c:\progra~1\SPYWAR~2\SpywareTerminatorShield.exe" [2009-08-13 2171904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-18 149280]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [25/10/2008 14:15 19572]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13/08/2009 07:03 142592]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [01/06/2009 10:27 603904]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [06/09/2008 19:58 13056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28]

2009-08-07 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur - MANUE.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-24 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 22:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????+????|?????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,22,6a,97,f2,46,
7c,75,95,c8,28,51,af,b0,29,a3,98,e7,22,de,bc,86,cd,8e,d8,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1e,22,a1,5b,80,
eb,a2,de,71,3b,04,66,8b,46,0d,96,28,99,e4,d6,fa,4b,49,6e,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,93,ea,e3,1b,ed,
f6,49,e9,25,da,ec,7e,55,20,c9,26,e1,bf,0f,a6,c6,cd,09,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,ea,45,38,a8,70,
5e,13,69,3e,1e,9e,e0,57,5a,93,61,ec,e7,c7,64,44,3c,8b,1e,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,be,6e,c7,8f,1a,
c4,e8,ea,cd,44,cd,b9,a6,33,6c,cd,dd,6b,d4,fb,df,29,68,e3,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,bb,55,8a,54,dc,
b7,64,f5,b0,18,ed,a7,3f,8d,37,a4,12,5e,3d,20,22,04,7a,09,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,51,d9,d1,b3,68,
0f,28,55,31,77,e1,ba,b1,f8,68,02,3d,ac,52,8f,7c,e1,9e,1c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,34,8b,93,e6,d4,
e8,f9,47,83,6c,56,8b,a0,85,96,ab,35,ea,a3,9b,7c,03,03,31,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,a5,77,cc,8b,a4,
a5,c7,79,51,fa,6e,91,28,9e,14,cc,a0,fc,2b,a7,da,8a,f0,aa,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d9,63,51,07,22,
8c,b6,7f,b1,cd,45,5a,a8,c4,f8,b9,63,77,4e,71,4c,e9,6f,3c,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,fd,c5,85,22,6a,
ef,53,25,e3,0e,66,d5,eb,bc,2f,6b,57,0e,fa,8f,5b,24,44,00,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,22,de,d6,8e,19,
a3,35,90,fa,ea,66,7f,d4,3b,6b,70,3f,8e,e6,09,c3,c6,a5,9b,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Completion time: 2009-08-19 23:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 21:02

Pre-Run: 20 305 174 528 octets libres
Post-Run: 20 367 757 312 octets libres

364 --- E O F --- 2008-10-23 17:32
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
19 August 2009 at 23:11
OK then

it had infected another system file; I hope it has not been replaced with the same corrupted file..


do this when you can:

==> Download SDFix (created by AndyManchesta) and save it to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

==> Double-click SDFix.exe and choose Install to extract it into a dedicated folder on your C: drive.

/!\ Start in Safe Mode: after the beep and before the Windows logo, tap the F8 (or F5) key: Safe Mode menu.

==> Choose your own account, not the Administrator's or another one.

==> Go through the list of instructions below:

• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• The system will take longer than usual to restart because the tool keeps running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load the Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum

let me know how the PC is doing?

see you tomorrow
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last activity 21 August 2009
19 August 2009 at 23:53
HERE is the report; in the end I did it tonight. See you tomorrow


[b]SDFix: Version 1.240 [/b]
Run by Nuno on 19/08/2009 at 23:33

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 23:48:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d822149]
"001df6106923"=hex:25,b7,14,10,f1,f3,13,84,01,18,32,39,c4,c3,2c,2b
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7d,ad,4f,fc,dd,e8,29,9f,8d,17,5c,20,c3,1d,dd,97,a9,cd,5d,f9,b3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7e,8c,ff,8d,d7,ac,9a,06,a2,7d,4e,fb,fe,44,cc,0f,f0,..
"khjeh"=hex:50,3e,79,44,c6,47,bc,f8,72,48,44,b2,80,37,30,d4,d7,fe,f5,d5,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:48,30,81,02,3b,21,bc,0c,08,fd,96,3c,41,1b,23,16,9b,11,df,aa,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d822149]
"001df6106923"=hex:25,b7,14,10,f1,f3,13,84,01,18,32,39,c4,c3,2c,2b
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7d,ad,4f,fc,dd,e8,29,9f,8d,17,5c,20,c3,1d,dd,97,a9,cd,5d,f9,b3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7e,8c,ff,8d,d7,ac,9a,06,a2,7d,4e,fb,fe,44,cc,0f,f0,..
"khjeh"=hex:50,3e,79,44,c6,47,bc,f8,72,48,44,b2,80,37,30,d4,d7,fe,f5,d5,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:48,30,81,02,3b,21,bc,0c,08,fd,96,3c,41,1b,23,16,9b,11,df,aa,f8,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000015b

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sat 17 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 16 Mar 2007 4,558 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti9.tmp"
Thu 1 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\06119f7f007fbf3388fb7f012fd2ce49\download\BIT2C.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2b0ec6af95107cd747155f214801a1de\download\BIT2F.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\457af15380631760d255c46e3ce4c508\download\BIT2D.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4ad242756613df3e539d49e3db7fff27\download\BIT43.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\813a989071c1720c8fca52f421b7b9e5\download\BIT34.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84db8362c64a1369b93bd1a60a67cb01\download\BIT2B.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a957c596efa7d0ec1b4b7fdc1e1c5705\download\BIT3A.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BIT40.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8cfedd5cfd3f0881276825d82978e5d\download\BIT39.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\download\BIT38.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ec9dc63e53c8bf9a1e80cf1489c682bd\download\BIT2A.tmp"
Thu 23 Oct 2008 1,756,266 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\edf770ea565c428bca41a4befcabb97b\download\BIT29.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ef76b58e91ae8084bf0833c90d4b9382\download\BIT31.tmp"
Thu 23 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fde0566446f6dd640c536f419fe1216a\download\BIT2E.tmp"

[b]Finished![/b]
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
20 August 2009 at 09:03
hi

post me a new RSIT please
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last activity 21 August 2009
20 August 2009 at 10:22
RSIT RESULT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nuno at 2009-08-20 10:20:04
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 19 GB (20%) free of 95 GB
Total RAM: 758 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:20, on 20/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorUpdate.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Documents and Settings\Nuno\Bureau\RSIT.exe
C:\Program Files\trend micro\Nuno.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorUpdate.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
plopus (5962 posts, registered Thursday 1 January 2009, status: security contributor, last active 11 March 2012)
20 August 2009 at 10:37
Here we go again with the analyses; if all goes well, post me the reports for these files, each clearly with its name:

the site: https://www.virustotal.com/gui/

if you don't want to bother, write down the name and copy-paste the URL from your browser when you are on the report page

c:\windows\system32\drivers\ntfs.sys
c:\windows\system32\dllcache\ntfs.sys
c:\windows\system32\dllcache\Beep.sys
c:\windows\system32\drivers\beep.sys
c:\windows\system32\mspmsnsv.dll

C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BIT40.tmp
C:\WINDOWS\SoftwareDistribution\Download\ec9dc63e53c8bf9a1e80cf1489c682bd\download\BIT2A.tmp
C:\Documents and Settings\All Users\DRM\DRMv1.bak
C:\Program Files\InterActual\InterActual Player\iti9.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
feshme (94 posts, registered Monday 17 August 2009, status: member, last active 21 August 2009)
20 August 2009 at 10:46
FILE: c:\windows\system32\dllcache\ntfs.sys


Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.20 -
AhnLab-V3 5.0.0.2 2009.08.20 -
AntiVir 7.9.1.3 2009.08.20 -
Antiy-AVL 2.0.3.7 2009.08.20 -
Authentium 5.1.2.4 2009.08.19 -
Avast 4.8.1335.0 2009.08.19 -
AVG 8.5.0.406 2009.08.19 -
BitDefender 7.2 2009.08.20 -
CAT-QuickHeal 10.00 2009.08.19 -
ClamAV 0.94.1 2009.08.20 -
Comodo 2032 2009.08.20 -
DrWeb 5.0.0.12182 2009.08.20 -
eSafe 7.0.17.0 2009.08.19 -
eTrust-Vet 31.6.6688 2009.08.19 -
F-Prot 4.4.4.56 2009.08.19 -
F-Secure 8.0.14470.0 2009.08.20 -
Fortinet 3.120.0.0 2009.08.20 -
GData 19 2009.08.20 -
Ikarus T3.1.1.68.0 2009.08.20 -
Jiangmin 11.0.800 2009.08.20 -
K7AntiVirus 7.10.822 2009.08.19 -
Kaspersky 7.0.0.125 2009.08.20 -
McAfee 5714 2009.08.19 -
McAfee+Artemis 5714 2009.08.19 -
McAfee-GW-Edition 6.8.5 2009.08.20 -
Microsoft 1.4903 2009.08.20 -
NOD32 4349 2009.08.19 -
Norman 6.01.09 2009.08.19 -
nProtect 2009.1.8.0 2009.08.20 -
Panda 10.0.0.14 2009.08.20 -
PCTools 4.4.2.0 2009.08.19 -
Prevx 3.0 2009.08.20 -
Rising 21.43.30.00 2009.08.20 -
Sophos 4.44.0 2009.08.20 -
Sunbelt 3.2.1858.2 2009.08.20 -
Symantec 1.4.4.12 2009.08.20 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.20 -
VBA32 3.12.10.9 2009.08.20 -
ViRobot 2009.8.20.1892 2009.08.20 -
VirusBuster 4.6.5.0 2009.08.19 -
Information additionnelle
File size: 574976 bytes
MD5...: 78a08dd6a8d65e697c18e1db01c5cdca
SHA1..: c40f3c1fcbd8a61ad5f36e16971feb64407bbc66
SHA256: e0e6f3ed05068e32f1d5c2d2b38cdef4536b8656db6756c66cf6b40b60c8f3da
ssdeep: 12288:CosOm5JqnuiIT8j4l7yT68kdUDzAGOjICueFWI0m9:eJ+uiIQ4kTTkdUDEPflFWI0

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x85384
timedatestamp.....: 0x48025be5 (Sun Apr 13 19:15:49 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x17879 0x17880 6.57 7a0cc809877394dcb00f251125cde1d0
.rdata 0x17b80 0x7078 0x7080 6.30 95baacb27e75d4140da94f3e43c659d6
.data 0x1ec00 0x1b10 0x1b80 0.74 9cb37a38036e823a0152bb209239dffd
PAGE 0x20780 0x64b6b 0x64b80 6.51 7de1f4c3a0a474314fe86e158e01cd73
INIT 0x85300 0x36fe 0x3700 6.07 ded61bc7fa643b884fdf69cc4d48c308
.rsrc 0x88a00 0x3e0 0x400 3.34 7153f5b12fab0213e839e612df3320ab
.reloc 0x88e00 0x37a0 0x3800 6.73 5db2361b4571130ef61ec5a1deac3e22

( 3 imports )

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
feshme (94 posts, registered Monday 17 August 2009, status: member, last active 21 August 2009)
20 August 2009 at 10:53
c:\windows\system32\drivers\ntfs.sys



Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.20 -
AhnLab-V3 5.0.0.2 2009.08.20 -
AntiVir 7.9.1.3 2009.08.20 -
Antiy-AVL 2.0.3.7 2009.08.20 -
Authentium 5.1.2.4 2009.08.19 -
Avast 4.8.1335.0 2009.08.19 -
AVG 8.5.0.406 2009.08.19 -
BitDefender 7.2 2009.08.20 -
CAT-QuickHeal 10.00 2009.08.19 -
ClamAV 0.94.1 2009.08.20 -
Comodo 2032 2009.08.20 -
DrWeb 5.0.0.12182 2009.08.20 -
eSafe 7.0.17.0 2009.08.19 -
eTrust-Vet 31.6.6688 2009.08.19 -
F-Prot 4.4.4.56 2009.08.19 -
F-Secure 8.0.14470.0 2009.08.20 -
Fortinet 3.120.0.0 2009.08.20 -
GData 19 2009.08.20 -
Ikarus T3.1.1.68.0 2009.08.20 -
Jiangmin 11.0.800 2009.08.20 -
K7AntiVirus 7.10.822 2009.08.19 -
Kaspersky 7.0.0.125 2009.08.20 -
McAfee 5714 2009.08.19 -
McAfee+Artemis 5714 2009.08.19 -
McAfee-GW-Edition 6.8.5 2009.08.20 -
Microsoft 1.4903 2009.08.20 -
NOD32 4350 2009.08.20 -
Norman 6.01.09 2009.08.19 -
nProtect 2009.1.8.0 2009.08.20 -
Panda 10.0.0.14 2009.08.20 -
PCTools 4.4.2.0 2009.08.19 -
Prevx 3.0 2009.08.20 -
Rising 21.43.31.00 2009.08.20 -
Sophos 4.44.0 2009.08.20 -
Sunbelt 3.2.1858.2 2009.08.20 -
Symantec 1.4.4.12 2009.08.20 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.20 -
VBA32 3.12.10.9 2009.08.20 -
ViRobot 2009.8.20.1892 2009.08.20 -
VirusBuster 4.6.5.0 2009.08.19 -
Information additionnelle
File size: 574976 bytes
MD5...: 78a08dd6a8d65e697c18e1db01c5cdca
SHA1..: c40f3c1fcbd8a61ad5f36e16971feb64407bbc66
SHA256: e0e6f3ed05068e32f1d5c2d2b38cdef4536b8656db6756c66cf6b40b60c8f3da
ssdeep: 12288:CosOm5JqnuiIT8j4l7yT68kdUDzAGOjICueFWI0m9:eJ+uiIQ4kTTkdUDEPflFWI0

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x85384
timedatestamp.....: 0x48025be5 (Sun Apr 13 19:15:49 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x17879 0x17880 6.57 7a0cc809877394dcb00f251125cde1d0
.rdata 0x17b80 0x7078 0x7080 6.30 95baacb27e75d4140da94f3e43c659d6
.data 0x1ec00 0x1b10 0x1b80 0.74 9cb37a38036e823a0152bb209239dffd
PAGE 0x20780 0x64b6b 0x64b80 6.51 7de1f4c3a0a474314fe86e158e01cd73
INIT 0x85300 0x36fe 0x3700 6.07 ded61bc7fa643b884fdf69cc4d48c308
.rsrc 0x88a00 0x3e0 0x400 3.34 7153f5b12fab0213e839e612df3320ab
.reloc 0x88e00 0x37a0 0x3800 6.73 5db2361b4571130ef61ec5a1deac3e22

( 3 imports )

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
feshme (94 posts, registered Monday 17 August 2009, status: member, last active 21 August 2009)
20 August 2009 at 10:59
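The check the helper is asking for above, as an added example (not code from this thread): parse a VirusTotal text report in the layout pasted in these posts, pull out the detection ratio and the hash block, and compare a file's own MD5/SHA1/SHA256 against what the report lists, so a verdict can be tied to the exact bytes on disk rather than to a filename. The sample report is a constructed excerpt in that layout with placeholder hashes and a made-up detection label; `parse_report`, `matches_report` and the other names are this example's own.

```python
"""Added example: parse a VirusTotal text report (2009 layout, as pasted in
the thread) and tie it to a local file by hash.  Not code from the thread."""
import hashlib
import re

# Constructed excerpt in the report layout used above.  Engine rows are
# "<engine> <version> <yyyy.mm.dd> <result>"; the hashes are placeholders
# and the one detection label is made up, so nothing here is a real verdict.
SAMPLE_REPORT = """\
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.20 -
AntiVir 7.9.1.3 2009.08.20 -
Kaspersky 7.0.0.125 2009.08.20 -
McAfee-GW-Edition 6.8.5 2009.08.20 Example.Detection
Microsoft 1.4903 2009.08.20 -
Information additionnelle
File size: 4224 bytes
MD5...: 0123456789abcdef0123456789abcdef
SHA1..: 0123456789abcdef0123456789abcdef01234567
SHA256: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

# Engine names in this layout carry no spaces, so four fields split cleanly.
ENGINE_ROW = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
# "MD5...: <hex>", "SHA1..: <hex>", "SHA256: <hex>" (dots pad the label).
HASH_ROW = re.compile(r"^(MD5|SHA1|SHA256)\.*: ([0-9a-fA-F]+)$")
SIZE_ROW = re.compile(r"^File size: (\d+) bytes$")


def parse_report(text):
    """Return {'engines': {name: label or None}, 'hashes': {...}, 'size': int|None}."""
    engines, hashes, size = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_ROW.match(line)
        if m:
            hashes[m.group(1)] = m.group(2).lower()
            continue
        m = SIZE_ROW.match(line)
        if m:
            size = int(m.group(1))
            continue
        m = ENGINE_ROW.match(line)
        if m:
            name, _version, _date, result = m.groups()
            engines[name] = None if result == "-" else result  # "-" = nothing found
    return {"engines": engines, "hashes": hashes, "size": size}


def detections(parsed):
    """Engines that flagged the file, as {engine: label}."""
    return {n: r for n, r in parsed["engines"].items() if r is not None}


def ratio(parsed):
    """Detection ratio the way VirusTotal displays it, e.g. '1/5'."""
    return f"{len(detections(parsed))}/{len(parsed['engines'])}"


def local_hashes(data):
    """MD5/SHA1/SHA256 of the given bytes, keyed like the report's hash block."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data, parsed):
    """True only if the size and every hash in the report match these bytes.

    A mismatch means the report was produced from a different file, so its
    verdict says nothing about this copy (a system file that was later
    overwritten would fail this check against the report of the clean one).
    """
    if parsed["size"] is not None and parsed["size"] != len(data):
        return False
    mine = local_hashes(data)
    return all(mine[k] == v for k, v in parsed["hashes"].items())


def hash_file(path):
    """Hash a file on disk in chunks; same keys as local_hashes()."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"MD5": md5.hexdigest(), "SHA1": sha1.hexdigest(), "SHA256": sha256.hexdigest()}


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("ratio:", ratio(report), "flagged by:", detections(report))
    print("report hashes:", report["hashes"])
```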
c:\windows\system32\dllcache\Beep.sys

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.20 -
AhnLab-V3 5.0.0.2 2009.08.20 -
AntiVir 7.9.1.3 2009.08.20 -
Antiy-AVL 2.0.3.7 2009.08.20 -
Authentium 5.1.2.4 2009.08.19 -
Avast 4.8.1335.0 2009.08.19 -
AVG 8.5.0.406 2009.08.19 -
BitDefender 7.2 2009.08.20 -
CAT-QuickHeal 10.00 2009.08.19 -
ClamAV 0.94.1 2009.08.20 -
Comodo 2032 2009.08.20 -
DrWeb 5.0.0.12182 2009.08.20 -
eSafe 7.0.17.0 2009.08.19 Win32.Banker
eTrust-Vet 31.6.6688 2009.08.19 -
F-Prot 4.4.4.56 2009.08.19 -
F-Secure 8.0.14470.0 2009.08.20 -
Fortinet 3.120.0.0 2009.08.20 -
GData 19 2009.08.20 -
Ikarus T3.1.1.68.0 2009.08.20 -
Jiangmin 11.0.800 2009.08.20 -
K7AntiVirus 7.10.822 2009.08.19 -
Kaspersky 7.0.0.125 2009.08.20 -
McAfee 5714 2009.08.19 -
McAfee+Artemis 5714 2009.08.19 -
McAfee-GW-Edition 6.8.5 2009.08.20 -
Microsoft 1.4903 2009.08.20 -
NOD32 4350 2009.08.20 -
Norman 6.01.09 2009.08.19 -
nProtect 2009.1.8.0 2009.08.20 -
Panda 10.0.0.14 2009.08.20 -
PCTools 4.4.2.0 2009.08.19 -
Prevx 3.0 2009.08.20 -
Rising 21.43.31.00 2009.08.20 -
Sophos 4.44.0 2009.08.20 -
Sunbelt 3.2.1858.2 2009.08.20 -
Symantec 1.4.4.12 2009.08.20 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.20 -
VBA32 3.12.10.9 2009.08.20 -
ViRobot 2009.8.20.1892 2009.08.20 -
VirusBuster 4.6.5.0 2009.08.19 -
Information additionnelle
File size: 4224 bytes
MD5...: da1f27d85e0d1525f6621372e7b685e9
SHA1..: e3d2dc5eb273fa701de8af13b60d6baac7629260
SHA256: 5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d
ssdeep: 48:qvsINlblgYeU/DtYrmVimGxIBqOopSDKGV7Co+sjIZWQ7q2ue5WwGD+:ilbd/DKrmLGWBqhev7X+MEWKLu+Ww8

PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x66c
timedatestamp.....: 0x3b7d82e5 (Fri Aug 17 20:47:33 2001)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x424 0x480 5.77 64f775a399d212649b5b58a280791c2d
.rdata 0x780 0xad 0x100 2.62 0ace5f365131534c66de4137833221ad
INIT 0x880 0x284 0x300 4.44 13a9d0bea8490140305ffa9291acfd99
.rsrc 0xb80 0x3c8 0x400 3.22 9b654fc1759147ff04b147754f347be4
.reloc 0xf80 0x9a 0x100 2.80 5c4742feb834ca0995d1e806fe06cc57

( 2 imports )
> ntoskrnl.exe: MmLockPagableDataSection, KeCancelTimer, MmUnlockPagableImageSection, IoStartNextPacket, KeSetTimer, _allmul, IoStartPacket, KeInitializeEvent, KeInitializeTimer, KeInitializeDpc, IoCreateDevice, RtlInitUnicodeString, IoAcquireCancelSpinLock, KeRemoveDeviceQueue, KeRemoveEntryDeviceQueue, IoReleaseCancelSpinLock, IoDeleteDevice, IofCompleteRequest
> HAL.dll: ExReleaseFastMutex, KfRaiseIrql, KfLowerIrql, HalMakeBeep, ExAcquireFastMutex

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set

> Windows 2000 Versions: beep.sys
> MSDN Disc 2444.3: beep.sys
> MSDN Disc 2444.1: beep.sys
> MSDN Disc 2444.6: beep.sys
> MSDN Disc 2444.4: beep.sys
> Virtual PC for Mac Windows XP Home Edition: beep.sys
> Windows XP eMbedded Evaluation Software: beep.sys
> MSDN Disc 2476: beep.sys
> MSDN Disc 2442.4: beep.sys
> MSDN Disc 2442.6: beep.sys
> MSDN Disc 2442.1: beep.sys
> Applications, Platforms, Servers: beep.sys
> MSDN Disc 2442.3: beep.sys
> MSDN Disc 2442.2: beep.sys
> Windows XP Tablet PC Edition: beep.sys
> Applications, Platforms: beep.sys

( Sony )

> Sony VAIO Recover CDs: BEEP.SYS

( Gateway )

> Gateway Operating System Windows XP Pro Edition SP2: BEEP.SYS,beep.sys


ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=da1f27d85e0d1525f6621372e7b685e9
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:01
c:\windows\system32\drivers\beep.sys
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:04
c:\windows\system32\mspmsnsv.dll


Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.20 -
AhnLab-V3 5.0.0.2 2009.08.20 -
AntiVir 7.9.1.3 2009.08.20 -
Antiy-AVL 2.0.3.7 2009.08.20 -
Authentium 5.1.2.4 2009.08.19 -
Avast 4.8.1335.0 2009.08.19 -
AVG 8.5.0.406 2009.08.19 -
BitDefender 7.2 2009.08.20 -
CAT-QuickHeal 10.00 2009.08.19 -
ClamAV 0.94.1 2009.08.20 -
Comodo 2032 2009.08.20 -
DrWeb 5.0.0.12182 2009.08.20 -
eSafe 7.0.17.0 2009.08.19 -
eTrust-Vet 31.6.6688 2009.08.19 -
F-Prot 4.4.4.56 2009.08.19 -
F-Secure 8.0.14470.0 2009.08.20 -
Fortinet 3.120.0.0 2009.08.20 -
GData 19 2009.08.20 -
Ikarus T3.1.1.68.0 2009.08.20 -
Jiangmin 11.0.800 2009.08.20 -
K7AntiVirus 7.10.822 2009.08.19 -
Kaspersky 7.0.0.125 2009.08.20 -
McAfee 5714 2009.08.19 -
McAfee+Artemis 5714 2009.08.19 -
McAfee-GW-Edition 6.8.5 2009.08.20 -
Microsoft 1.4903 2009.08.20 -
NOD32 4350 2009.08.20 -
Norman 6.01.09 2009.08.19 -
nProtect 2009.1.8.0 2009.08.20 -
Panda 10.0.0.14 2009.08.20 -
PCTools 4.4.2.0 2009.08.19 -
Prevx 3.0 2009.08.20 -
Rising 21.43.31.00 2009.08.20 -
Sophos 4.44.0 2009.08.20 -
Sunbelt 3.2.1858.2 2009.08.20 -
Symantec 1.4.4.12 2009.08.20 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.20 -
VBA32 3.12.10.9 2009.08.20 -
ViRobot 2009.8.20.1892 2009.08.20 -
VirusBuster 4.6.5.0 2009.08.19 -
Information additionnelle
File size: 52736 bytes
MD5...: 762b2a5f0e8b0164a5db6741959dfb0c
SHA1..: 724560d7bb92b09bb511af884b99c80fd41b0a89
SHA256: 110575bb00fe3ab09376401e72d2012fc97eb213ce1fdeccd4ade83a1b21e722
ssdeep: 1536:4ggtgoQrdsm8fmDwegYsbmsoTGI91zt4qegMQ1a2k0n5L:4ggtg0eDwaswxegMKa2k0n5

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3f57
timedatestamp.....: 0x4110968b (Wed Aug 04 07:55:55 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa5b7 0xa600 6.61 84358aa56d7c354951ea4f5fbcdb4d8d
.data 0xc000 0x6b8 0x600 4.51 ddfe7f007dd8189312fa111594da482b
.rsrc 0xd000 0x8a0 0xa00 3.84 7a8463a2d27d60007a3c7f7b692ac54c
.reloc 0xe000 0x12e0 0x1400 4.92 94d2e71202ad9efc050244b7ef326e4d

( 4 imports )
> KERNEL32.dll: QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, FlushFileBuffers, GetFileAttributesA, SetFileAttributesA, GetVolumeInformationA, SetErrorMode, GetCurrentDirectoryA, GetModuleHandleA, QueryDosDeviceA, GetSystemDirectoryA, LoadLibraryA, WideCharToMultiByte, WaitNamedPipeW, CreateFileA, CreateFileW, DeviceIoControl, CompareStringA, GetDriveTypeA, GetCurrentProcess, TerminateProcess, GetModuleFileNameA, FormatMessageA, LoadLibraryExA, GetProcAddress, FormatMessageW, FreeLibrary, GetTickCount, Sleep, SetLastError, InitializeCriticalSection, DisableThreadLibraryCalls, LeaveCriticalSection, DeleteCriticalSection, LocalAlloc, CreateNamedPipeA, LocalFree, ResetEvent, GetOverlappedResult, WaitForMultipleObjects, WriteFile, ReadFile, ConnectNamedPipe, SetEvent, CloseHandle, CancelIo, WaitForSingleObject, DisconnectNamedPipe, CreateEventA, GetLastError, GetDriveTypeW, EnterCriticalSection, SetCurrentDirectoryA, GetVersionExA
> msvcrt.dll: malloc, _onexit, __dllonexit, _adjust_fdiv, _initterm, free, wcslen, wcscmp, wcscpy, __2@YAPAXI@Z, memmove, __3@YAXPAX@Z, _except_handler3, _purecall, __CxxFrameHandler, _CxxThrowException, strstr, strcpy, strncpy, memset, atoi, memcpy, isdigit, strcmp, strncmp, strlen, strcat, time, _memccpy, sscanf, sprintf, _strupr, _stricmp, _strnicmp, _ultoa, __1type_info@@UAE@XZ, _terminate@@YAXXZ
> ADVAPI32.dll: AllocateAndInitializeSid, RegOpenKeyA, RegEnumKeyA, RegOpenKeyExA, RegEnumKeyExA, RegQueryValueExA, StartServiceA, CreateServiceA, RegSetValueExA, QueryServiceStatus, ControlService, DeleteService, RegDeleteKeyA, RegCreateKeyA, RegQueryValueExW, RegSetValueExW, RegCloseKey, GetSecurityInfo, SetSecurityInfo, RegisterServiceCtrlHandlerA, SetEntriesInAclA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, FreeSid, ImpersonateNamedPipeClient, RevertToSelf, SetServiceStatus, RegisterEventSourceA, ReportEventA, DeregisterEventSource, OpenSCManagerA, OpenServiceA, CloseServiceHandle
> USER32.dll: LoadImageA, LoadIconA, CharLowerA, CharUpperA, wsprintfA

( 4 exports )
DllMain, DllRegisterServer, DllUnregisterServer, ServiceMain

PDFiD.: -
RDS...: NSRL Reference Data Set

( Microsoft )

> MSDN Disc 2439.8: mspmsnsv.dll
> MSDN Disc 2439.7: mspmsnsv.dll
> MSDN Disc 2439.6: mspmsnsv.dll
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:07
C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BIT40.tmp

I could not find it in Windows, so I pasted the name directly into VirusTotal and here is the result: 0 bytes size received / Se ha recibido un archivo vacio
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:09
Same for C:\WINDOWS\SoftwareDistribution\Download\ec9dc63e53c8bf9a1e80cf1489c682bd\download\BIT2A.tmp
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:10
C:\Documents and Settings\All Users\DRM\DRMv1.bak: same
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:13
C:\Program Files\InterActual\InterActual Player\iti9.tmp

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.20 -
AhnLab-V3 5.0.0.2 2009.08.20 -
AntiVir 7.9.1.3 2009.08.20 -
Antiy-AVL 2.0.3.7 2009.08.20 -
Authentium 5.1.2.4 2009.08.19 -
Avast 4.8.1335.0 2009.08.19 -
AVG 8.5.0.406 2009.08.19 -
BitDefender 7.2 2009.08.20 -
CAT-QuickHeal 10.00 2009.08.19 -
ClamAV 0.94.1 2009.08.20 -
Comodo 2032 2009.08.20 -
DrWeb 5.0.0.12182 2009.08.20 -
eSafe 7.0.17.0 2009.08.19 -
eTrust-Vet 31.6.6688 2009.08.19 -
F-Prot 4.4.4.56 2009.08.19 -
F-Secure 8.0.14470.0 2009.08.20 -
Fortinet 3.120.0.0 2009.08.20 -
GData 19 2009.08.20 -
Ikarus T3.1.1.68.0 2009.08.20 -
Jiangmin 11.0.800 2009.08.20 -
K7AntiVirus 7.10.822 2009.08.19 -
Kaspersky 7.0.0.125 2009.08.20 -
McAfee 5714 2009.08.19 -
McAfee+Artemis 5714 2009.08.19 -
McAfee-GW-Edition 6.8.5 2009.08.20 -
Microsoft 1.4903 2009.08.20 -
NOD32 4350 2009.08.20 -
Norman 6.01.09 2009.08.19 -
nProtect 2009.1.8.0 2009.08.20 -
Panda 10.0.0.14 2009.08.20 -
PCTools 4.4.2.0 2009.08.19 -
Prevx 3.0 2009.08.20 -
Rising 21.43.31.00 2009.08.20 -
Sophos 4.44.0 2009.08.20 -
Sunbelt 3.2.1858.2 2009.08.20 -
Symantec 1.4.4.12 2009.08.20 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.20 -
VBA32 3.12.10.9 2009.08.20 -
ViRobot 2009.8.20.1892 2009.08.20 -
VirusBuster 4.6.5.0 2009.08.19 -
Information additionnelle
File size: 4558 bytes
MD5...: 078ad289bca9b4ce1a18506ef1a76dcd
SHA1..: de8ee1fa264a0a5befe77921da45a78bdcc56fac
SHA256: acb381165020cbdc813f433fbeb2d263da57c50bb31ff9d8e3224d91b4e19ae0
ssdeep: 96:ms39jmFuWSA8gPmP1ahL1BQgdTkv13cEjfuH/4Ho9efOYNVPiz9:4gcx

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last contribution 11 March 2012 293
20 August 2009 at 11:13
Have you displayed hidden folders as shown here? Check again, a fix may have undone what you did

https://www.commentcamarche.net/informatique/windows/185-afficher-les-extensions-et-les-fichiers-caches-sous-windows/

and don't forget to ALSO untick "Hide extensions for known file types...."

and check again whether you can see them
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:14
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

0 bytes size received / Se ha recibido un archivo vacio
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last contribution 11 March 2012 293
20 August 2009 at 11:17
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:20
C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BIT40.tmp

I managed to find it in the file tree, but the VirusTotal result is the same
0
feshme Posts 94 Registration date Monday 17 August 2009 Status Member Last contribution 21 August 2009
20 August 2009 at 11:22
C:\WINDOWS\SoftwareDistribution\Download\ec9dc63e53c8bf9a1e80cf1489c682bd\download\BIT2A.tmp

I tried again, same thing: I can find it, but VirusTotal shows 0 bytes size received / Se ha recibido un archivo vacio
0